The Noggin Platform
The world’s leading platform for integrated safety & security management.
Find Your Solution
-
Crisis Management
-
Emergency Management
Apply best practices to plan for, respond to, and manage critical events and exercises. Built on ISO standards, you can respond faster with better collaboration using plans and playbooks, smart workflows, and real-time dashboards and insights, to ensure better incident response, decision-making, and continuous improvement.
Featured Modules
- Incident Response Plans & Checklists
- Critical Infrastructure Protection
- Welfare Checks
- Continuous Improvement
All the information and tools needed to manage any incident effectively through the entire lifecycle of mitigation, preparedness, response, and recovery, following ISO, ICS and other national standards. Keep your whole team following the same plans, communicating on the same platform, and viewing the same operating picture - from any place or device.
Featured Modules
- Security Threat Assessment
- Incident Management
- Planned Events
- Lone Worker Management
-
Safety Management
-
Employee Health & Wellbeing
-
Governance, Risk & Compliance (GRC)
-
Asset Management
-
Contractor Management
-
Visitor Management
-
Emergency Management
All the tools needed to automate your safety management system in one easy-to-use platform, following ISO standards. Increase efficiency with powerful automation capabilities and provide real time insights to all levels of your business. Configurable notifications, workflows, analytics, and mapping empower your safety personnel to make better decisions wherever they are.
Featured Modules
- Incident Management
- Injury Management
- Online Inductions
- Reporting & Analytics
Maintain a comprehensive view of the wellbeing of your workers, their needs, and the wellbeing initiatives conducted in your organization. Through various assessments, checks, analytics, and resources you can easily manage both the physical and mental wellbeing of personnel across various locations and programs.
Featured Modules
- Wellbeing Reporting
- Ergonomic Assessment
- Vaccination Management
A suite of tools to collect risk data from across your organziation from a range of stakeholders, in real time, and based on ISO standards. Fully customisable, with everything from a simple pre-task assessment though to an organisational risk register, we make it easy to capture risk data and provide the analytics to derive rich insights, to keep your organisation safe and compliant.
Featured Modules
- Audits
- Inspections
- Take 5
- Standards Compliance
Track all your assets from your vehicle fleet, fixed or mobile plant and equipment though to your critical infrastructure using our range of tools. Plan maintenance ahead of time and by collecting lead indicator data from checklists and assessments on any mobile device, then enable users to update the status of your assets to track utilisation, share documentation and report issues.
Featured Modules
- Asset assessments & checklists
- Workorder Management
- Planned Maintenance
- Asset Status Tracking
Save time and money by enabling contractors to self-register and progress through a customizable workflow, to check documentation before becoming an approved contractor. Contractors can then be automatically followed up using workflows and notifications to keep their organziation compliant.
Featured Modules
- Contractor Entities
- Contractor Workers
- Contractor Plant
Streamline visitor sign-in using a QR code on a form tailored for your organisation. Visitors can complete inductions, answer questions and acknowledge content then have notifications triggered to their host based on their responses. Once on site, manage visitor cards, broadcast notifications and understand visitor trends to optimise your processes.
Featured Modules
- Visitor Registration (QR Code)
- COVID Management
- Emergency Notifications
- Host Notifications
All the information and tools needed to manage any incident effectively through the entire lifecycle of mitigation, preparedness, response, and recovery, following ISO, ICS and other national standards. Keep your whole team following the same plans, communicating on the same platform, and viewing the same operating picture - from any place or device.
Featured Modules
- Featured Modules:
Situational Awareness & Reporting - Incident & Special Event Pre-Planning
- Damage Assessments
- Exercise Management
-
Physical Security
-
Cyber Security
-
Visitor Management
-
Critical Infrastructure Protection
-
Emergency Management
-
Governance, Risk & Compliance
-
Asset Management
-
Contractor Management
Proactively manage all aspects of physical security operations from anywhere, on any device. Based on ISO standards, streamline your operations using workflow automations to guide information capture, enrichment, follow up tasks, and notifications. Validate threats and risks to drive better investment of your resources.
Featured Modules
- Cyber Threats & Treatments
- Standards Compliance
- Audits & Inspections
- Compliance Obligations & Breaches
Manage cyber threats, risks, and treatments based on industry best-practice guidelines and ISO standards. Plan objectives and set targets, manage all elements of standards-compliance, and schedule and record audits and inspections. Manage non-compliances and corrective actions, and drive continual improvement review cycles.
Featured Modules
- Cyber Threats & Treatments
- Standards Compliance
- Audits & Inspections
- Compliance Obligations & Breaches
Streamline visitor sign-in using a QR code on a form tailored for your organisation. Visitors can complete inductions, answer questions and acknowledge content then have notifications triggered to their host based on their responses. Once on site, manage visitor cards, broadcast notifications and understand visitor trends to optimise your processes.
Featured Modules
- Visitor Registration (QR Code)
- COVID Management
- Emergency Notifications
- Host Notifications
Consolidate the threat and risk picture across all your assets, easily demonstrate compliance with security obligations, and gain an ‘all threats’ perspective encompassing physical, cyber, personnel and supply chain. Address and manage cyber threats without having to implement costly new ICT systems and drive continuous improvement and review cycles.
Featured Modules
- Risk & Threat Assessments
- Security Inspections
- Crowded Place & Impact Assessments
All the information and tools needed to manage any incident effectively through the entire lifecycle of mitigation, preparedness, response, and recovery, following ISO, ICS and other national standards. Keep your whole team following the same plans, communicating on the same platform, and viewing the same operating picture - from any place or device.
Featured Modules
- Situational Awareness & Reporting
- Incident & Special Event Pre-Planning
- Damage Assessments
- Exercise Management
Manage cyber, emergency and security threats, risks, and treatments based on industry best-practice guidelines and ISO standards. Plan objectives and set targets, manage all elements of standards-compliance, and schedule and record audits and inspections. Manage non-compliances and corrective actions and drive continual improvement review cycles.
Featured Modules
- Cyber Threats & Assessments
- Standards Compliance
- Audits & Inspections
- Compliance Obligations & Breaches
Track all your assets from your vehicle fleet, fixed or mobile plant and equipment though to your critical infrastructure using our range of tools. Plan maintenance ahead of time and by collecting lead indicator data from checklists and assessments on any mobile device, then enable users to update the status of your assets to track utilization, share documentation and report issues.
Featured Modules
- Asset assessments & checklists
- Workorder Management
- Planned Maintenance
- Asset Status Tracking
Save time and money by enabling contractors to self-register and progress through a customizable workflow, to check documentation before becoming an approved contractor. Contractors can then be automatically followed up using workflows and notifications to keep their organziation compliant.
Featured Modules
- Contractor Registration
- Permit to Work
- Work Orders
- Contractor Self-Administration
-
Business Continuity Planning
-
Crisis Management
-
Governance, Risk & Compliance (GRC)
-
Continuity of Operations (COOP)
Follow ISO standard approaches to determine disruption impacts and develop plans & recovery strategies to address risks. Track gaps, dependencies and tests, capture exercises, and manage insurance details. Scale up to any incident and back down to business as usual as quickly as possible and drive continuous improvement.
Featured Modules
- Business Impact Assessments
- Incident & Exercise Management
- Recovery Strategy Tracking
- Continuity of Operations (COOP)
Apply best practices to plan for, respond to, and manage critical events and exercises. Built on ISO standards, you can respond faster with better collaboration using plans and playbooks, smart workflows, and real-time dashboards and insights, to ensure better incident response, decision-making, and continuous improvement.
Featured Modules
- Incident Response Plans & Checklists
- Critical Infrastructure Protection
- Welfare Checks
- Continuous Improvement
Manage cyber, emergency and security threats, risks, and treatments based on industry best-practice guidelines and ISO standards. Plan objectives and set targets, manage all elements of standards-compliance, and schedule and record audits and inspections. Manage non-compliances and corrective actions and drive continual improvement review cycles.
Featured Modules
- Cyber Threats & Treatments
- Standards Compliance
- Audits & Inspections
- Compliance Obligations & Breaches
Ensure preparedness across your organisation. Conduct business impact assessments and quickly identify essential functions. Assess hazard and threat risks. Identify technology, assets, facilities, and critical personnel. Gather and assemble essential information and documents. Develop, test and maintain your COOP plans. From readiness and preparedness to reconstitution, manage all four phases of the Continuity of Operations Plan to minimize business loss and disruption.
Featured Modules
- Business Impact Assessments
- Threat & Hazard Identification
- Continuity of Operations Plans Management
- Testing, Training & Exercises
Guide
10 Steps to an Effective Crisis Management Plan
Article
The Stages of Crisis: Understanding the Crisis Management Lifecycle
- Work Safety Resources
- Emergency Management Resources
- Crisis Management Resources
- Business Continuity Resources
- Security Management Resources
eBook
Understanding ISO 22361 for Crisis Management
eBook
Best Practice Strategies to Maintain Resilience
NEWS
Technology expert's tips for safety management platforms
NEWS
A Comprehensive Guide to Understanding ISO45001
Who We Are
The world’s leading platform for integrated safety & security management.
- Follow us
-
-
-
.svg)
.svg)
.svg)
First, what is enterprise-wide compliance risk management?
Enterprise-wide compliance risk management refers to the process of methodically identifying and addressing the potential events that represent compliance risks to the achievement of strategic objectives, or to opportunities to gain competitive advantage. As compliance threats have grown in kind, from the safety and wellbeing arena to security management and business continuity, we’re offering the following as an overarching explainer to make enterprise-wide compliance risk management a reality at your firm.
Paying the cost of compliance risk management
Indeed, risk management is on most of our minds. Business uncertainty and regulatory compliance have both been in the news for some time now. Even before the global pandemic, Brexit and the unexpected 2016 election of Donald Trump, made regulatory overhaul in two of the world’s largest economic zones, the EU and the U.S., a near certainty.
Nor had businesses completely recovered from the previous shock to the system: the global financial crisis of the late 2000s. At the height of the Great Recession, subnational, federal, and supranational bodies all issued sweeping financial reforms.
Those regulations majorly upped the ante on compliance risk management. As catalogued by London-based think tank JWG, the years 2009 to 2012 saw the publication of over 50,000 regulations across the G20. That number actually rose to 50,000 regulations in 2015 alone.
The cost of complying with those regulations has, of course, been steep for businesses. In fact, the volume of regulation is the key contributor to rising compliance costs. Compliance with the Dodd Frank Wall Street Reform and Consumer Protection Act, for instance, cost banks USD 36 billion, according to the publication Trade. Cumulatively, regulatory compliance cost banks USD 100 billion in 2016.
Financial regulation, though significant, isn’t the only (external) compliance cost driver for firms. Australian enterprises, for instance, spent AUD 94 billion to administer and comply with public sector rules (in general).
Independent of external regulations, companies also develop their own set of rules, regulations, policies, procedures, and laws just to stay competitive in the market and/or limit exposure to unethical conduct.
Compliance with these internal mandates can have significant cost implications, as well. Australian enterprises spent AUD 155 billion to administer and comply with self-imposed rules and regulations, according to Deloitte.
Why doesn’t the cost of compliance risk management add up?
So, businesses are paying a steep price for compliance risk management. But the degree of external and internal business volatility is testing the resilience of even the best-resourced programs. The question is, are compliance risk management investments actually holding up?
Well, if you ask the experts, the answer is no. Sure, companies are spending plenty on compliance, especially regulatory compliance. The problem is that firms are allocating resources without having first developed an enterprise risk management framework for compliance risk management.
Besides being costly and inefficient, this piecemeal approach to compliance risk management ends up limiting the situational awareness of senior leaders. Those same leaders need to make strategic business decisions based on an accurate picture of compliance risk.
Here’s how it usually goes. Without a clear mandate from the top, individual teams begin managing specific compliance requirements as they see fit, usually with a different set of roles, activities, and systems.
With little communication between the (resulting) siloes, the risk of work duplication is high. Businesses might also end up paying double for advanced compliance management solutions that perform the same functions but aren’t configured to exchange relevant data.
The lack of a centralised compliance risk management strategy and the siloing effects that deficiency creates aren’t the only challenges to developing a culture of compliance. The volume of regulation a company must comply with also makes compliance risk management more operationally complex. Often decried in addition to the volume and pace of regulatory changes are:
- The availability and adequacy of resources to implement those changes
- Difficulty in meeting new regulatory expectations
- The potential for increased supervision from regulators
These challenges are all interrelated. More regulatory volatility bumps up compliance risk management costs, creating operational headaches. Those headaches are, then, exacerbated by a lack of an enterprise-wide, centralised approach to managing compliance risk.
The latter is particularly common in companies who tackle compliance risk management in house. After all, those companies are the least likely to have adequate processes, personnel, and tools to achieve basic compliance risk goals.
A lack of risk management and work health and safety management software, in particular, means that teams have to rely more heavily on manual structures, i.e., spreadsheets, word processing, and shared folders. A fledgling company might get by like that. But those home-spun structures won’t scale as firms get larger and reporting requirements increase in kind.
Achieving enterprise-wide compliance risk management
Clearly, the challenges are stark. But achieving efficient, cost-effective compliance risk management is possible.
Senior leaders just have to redirect their company’s compliance efforts (and resources) away from piecemeal interventions and towards an enterprise-wide, compliance risk management strategy. Such a strategy would entail identifying the areas in the organisation with the highest compliance risk and then recalibrating the compliance risk function to monitor those risks.
So, what are some concrete steps to take to turn enterprise-wide compliance risk management into a reality. Firstly, we propose:
- Developing a single overarching framework for compliance across the organisation. In turn, that unifying thread would govern processes taken and tools procured. But that strategy needs to be centred on a complete understanding of the company’s compliance risk, especially existing levels of regulatory scrutiny, which are predictive of future scrutiny.
- Running compliance risk assessments regularly, particularly after major business changes (COVID-19 comes to mind). After all, businesses aren’t static. That’s why these assessments should be done at least annually.
The same logic applies to the dynamic risk and regulatory environment around the business. Teams can’t afford only to focus on once-in-a-generation reforms and crises. They also need to be on the lookout for minor tweaks to statutes, standards, regulations, and court rulings that can affect the company’s compliance requirements.
Business partners need to be part of this calculus, as well. Vendors and contractors deemed unethical in the past create compliance risk and should be factored into a company’s risk-monitoring framework.
After isolating all potential compliance risks, teams will move ahead and analyse those risks. Here is where you should be asking yourself, how likely an individual risk is to occur, and the potential impact of that risk were it to become a compliance incident?
The following step is compliance risk prioritisation. That means triaging risk based on pre-established criteria.
Companies don’t have infinite resources to deal with identified compliance risks. Instead, they will have to use a standardised risk methodology, usually a risk matrix, to determine which risks they will seek to control. That assessment is often made based on (proportional) levels of risk.
Finally, the compliance decision maker, usually a C-level executive reporting directly into the Board’s audit committee, will need to sign off on risk controls. Those are the actual strategies and tools teams will implement to manage high-level risk and promote compliance, either by mitigating the risk or eliminating it altogether.
To make this staged approach work, teams will need to ensure that their processes, policies, and procedures are all standardised. Further, they will need to ensure that the centralisation of the compliance function is reinforced by training and education, as well as clear reporting methods and mechanisms, which keep due diligence and risk assessment efforts current.
The compliance risk management lifecycle
Noticing overlap with the risk management lifecycle? That’s no coincidence. The steps you’ll take to centralise compliance risk mirror the key tenets of the risk management lifecycle.
- Risk identification. The identification stage consists of isolating all potential operational risks, whether recurring risks or potential one-offs. Risk identification involves staff across the business, not just C-suite executives.
- Risk assessment. Once identified, risks must be added to a risk register where they are to be assessed based on a number of factors, including how likely the risk is to occur, how frequently the risk will occur, and the potential risk exposure to human and non-human assets if the risk is not managed. The use of a risk matrix, an established risk assessment methodology, is a standard way of prioritising risks by likelihood and consequences. The severity of each risk can then be assessed separately, either as inherent, target, or residual risk, using a common methodology.
- Analysis. With regards to risk analysis, teams will consider which risk controls (if any) to put in place. Additionally, teams will provide decision makers with a thorough risk analysis, a clear cost and benefit evaluation as well as outlines of possible alternative measures to take.
- Decision. Based on the analysis furnished, decision makers will choose the best control (or combination of controls).
- Implementation. Carrying out the decision taken requires having a plan for applying the selected controls. Adequate time and resources must also be allocated for any control measure to be successful. In addition, implementing controls requires clearly communicating your plan to everyone involved.
- Monitoring. Implementation, however, isn’t the end of the story. Once they’re put in place, controls will have to be consistently monitored to ensure they are working as expected.
The benefits of integrated, compliance risk management and incident management software
When it comes down to it, compliance risk management is just another way of monitoring relevant business changes. However, businesses change often, many times in ways that affect their compliance risk profile.
When those changes happen, compliance teams need be able to document them, whether recording observations or conducting investigations. Keeping information current is vital to effective compliance risk management.
Why? Well, data quality is often cited as a key challenge to effective compliance management. That’s even for teams who used advanced technology.
It’s still too big a task for manual processes. Organisations need automated processes supported by advanced technology to shore up reporting outcomes. Workplace compliance management software gives those businesses the functionality needed to manage a compliance incident, as well as learn from that incident by investigating its root cause, to proactively prevent future incidents.
Don’t choose any old compliance management system software, though. Noggin’s online compliance management system, for instance, boasts the following capabilities necessary to ensure enterprise-wide compliance risk management:
- Capture compliance sources, e.g., mandates, laws, and regulations, or self-enforced, internal programs and policies
- Derive requirements from these sources
- Derive business rules from these requirements, which then dictate specific compliances items, or controls for one or more risks
- And proactively develop activities and capture contacts for compliance actors who must execute those items, as well as assign roles and responsibilities to contacts to determine which activities and business rules are relevant
Keen to learn how else Noggin meets your business needs? Request a demo of our product to learn more.
.svg)
Download your copy
About this Article
Published May 19, 2021